Bartalex’s Latest Variant, a Dyre and Pony Dropper

Security researchers have spotted Bartalex, a macro-based malicious program that first emerged in 2015, with variants that install the banking Trojan Dyre and the loader malware Pony, threatpost.com reported on July 22, 2015.

Bartalex, which spreads via spam e-mail, was first noticed by researchers in late March, when its strains appeared embedded in Microsoft Excel and Word macros.

Macros have been a well-known infection technique for a decade or more; however, as is frequent with malware, an old technique reappears in a renewed form no matter its age. The macro vector never really went away, and lately it has been revived through booby-trapped Word documents. Even Microsoft's Malware Protection Center raised an alarm over the rising number of macro-based threats it saw during January.

Brad Duncan, a security researcher at the cloud-computing company Rackspace and a handler with the SANS Internet Storm Center, recently detected a Word document carrying Bartalex for propagation, Threatpost.com reported.

The Word file apparently impersonated the payroll provider ADP and concerned a rejected ACH (Automated Clearing House) payment.

While Bartalex delivered Dyre, Duncan observed the digital certificate data that is normally seen in the SSL traffic Dyre generates.

Duncan states that some of the post-infection Dyre traffic was reviewed in Wireshark, a network protocol analyzer for Windows and Unix. By using "Decode As" in Wireshark's "Analyze" menu and selecting SSL, the data could be viewed properly parsed, and Duncan's team then detected the certificate data normally seen in the SSL traffic Dyre produces, Duncan explains.
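"Decode As" is needed when Wireshark does not recognise the port a flow uses as SSL/TLS, so the dissector must be applied by hand. The following added example (not code from Duncan's write-up or from Wireshark) shows what that decoding does at the byte level for an unencrypted TLS 1.2-style Certificate handshake, so the same check can be scripted over extracted TCP payloads regardless of port; the sample bytes and the FAKE_DER placeholder are constructed here and are not a real certificate.

```python
import struct

# TLS record content types and handshake message types (RFC 5246)
TLS_HANDSHAKE = 0x16
HS_CERTIFICATE = 11

def looks_like_tls(payload: bytes) -> bool:
    """Port-agnostic check: a TLS record starts with a content type 0x14-0x17
    followed by a 0x03 0x0X protocol version."""
    return (len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17)
            and payload[1] == 0x03 and payload[2] <= 0x03)

def iter_records(payload: bytes):
    """Yield (content_type, body) for each complete TLS record in a TCP payload."""
    off = 0
    while off + 5 <= len(payload):
        ctype = payload[off]
        length = struct.unpack("!H", payload[off + 3:off + 5])[0]
        body = payload[off + 5:off + 5 + length]
        if len(body) < length:  # truncated record: stop rather than misparse
            break
        yield ctype, body
        off += 5 + length

def extract_certificates(payload: bytes):
    """Return the DER blobs carried in plaintext Certificate handshake messages
    (TLS 1.2 and earlier; TLS 1.3 encrypts this message)."""
    certs = []
    for ctype, body in iter_records(payload):
        if ctype != TLS_HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(body):  # handshake header: 1-byte type, 3-byte length
            hs_type = body[off]
            hs_len = int.from_bytes(body[off + 1:off + 4], "big")
            msg = body[off + 4:off + 4 + hs_len]
            if hs_type == HS_CERTIFICATE and len(msg) >= 3:
                total = int.from_bytes(msg[0:3], "big")  # certificate_list length
                p = 3
                while p + 3 <= min(len(msg), 3 + total):
                    clen = int.from_bytes(msg[p:p + 3], "big")
                    certs.append(msg[p + 3:p + 3 + clen])
                    p += 3 + clen
            off += 4 + hs_len
    return certs

def build_certificate_record(der_certs):
    """Constructed sample input: wrap DER blobs in one TLS 1.2 Certificate record."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in der_certs)
    msg = len(entries).to_bytes(3, "big") + entries
    hs = bytes([HS_CERTIFICATE]) + len(msg).to_bytes(3, "big") + msg
    return bytes([TLS_HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(hs)) + hs

FAKE_DER = b"\x30\x82\x01\x00" + b"\xaa" * 20  # constructed placeholder, not a real certificate
```

The returned DER blobs can then be fed to any X.509 parser to read the subject and issuer fields that Duncan's team compared against known Dyre certificate data.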

Earlier, in April, malware researchers found the latest Bartalex variant spreading through several thousand malicious web links to Dropbox; that strain was likewise used to install Dyre on the infected PC.

Disturbingly, spam carrying Bartalex remains a concern. The Bartalex attachments sometimes slip past anti-spam filters before anti-virus solutions detect them. Fortunately, the post-infection traffic triggers network alerts, so with sufficient network security monitoring any organization can spot end users who have fallen victim to the Bartalex spam, concludes Duncan. Isc.sans.edu reported this on July 22, 2015.

» SPAMfighter News - 8/3/2015

